Disclosed are various embodiments for software library versioning with intelligent caching based on signatures. In one embodiment, a library is requested in response to a first dependency in a first network resource. The library is then received together with a signature that identifies a version of the library. The library is stored in a local cache on a client computing device that is indexed by library signatures. It is determined that a second network resource has a second dependency on the library. The library is loaded from the local cache in response to the second dependency specifying the library having the same signature.
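The abstract's signature-indexed cache, as an added example that is not code from the patent or its applicant: a client verifies a library once, stores it under its signature, and serves a second dependency at a different URI from the cache after fetching only the signature. The Ed25519 algorithm, the directly pinned public key (standing in for a key chained to a pinned certificate), the `SignatureCache` class and the example URIs are all assumptions.

```javascript
// Added example: names, URIs and the pinned-key model are assumptions.
const nodeCrypto = require("crypto");

// Constructed publisher key pair. Ed25519 signatures are deterministic, so the
// same library bytes always yield the same signature (a stable cache index).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");

// Constructed origin: two different URIs serve the same library version.
const libraryBytes = Buffer.from("function greet(){return 'hi';}");
const signatureHex = nodeCrypto.sign(null, libraryBytes, privateKey).toString("hex");
const origin = {
  "https://a.example/lib.js": { signature: signatureHex, content: libraryBytes },
  "https://b.example/vendor/lib.js": { signature: signatureHex, content: libraryBytes },
};

class SignatureCache {
  constructor(pinnedKey) {
    this.pinnedKey = pinnedKey;   // trust anchor held by the client
    this.bySignature = new Map(); // signature hex -> verified library bytes
    this.log = [];                // what each load cost on the wire
  }
  load(uri, server = origin) {
    const { signature, content } = server[uri];
    const cached = this.bySignature.get(signature); // only the signature file is fetched
    if (cached) {
      this.log.push({ uri, source: "cache", bytes: signature.length / 2 });
      return cached;
    }
    // Cache miss: download the content and verify it before it is stored.
    const ok = nodeCrypto.verify(null, content, this.pinnedKey, Buffer.from(signature, "hex"));
    if (!ok) throw new Error(`signature check failed for ${uri}`);
    this.bySignature.set(signature, content);
    this.log.push({ uri, source: "network", bytes: content.length + signature.length / 2 });
    return content;
  }
}

function demo() {
  const cache = new SignatureCache(publicKey);
  cache.load("https://a.example/lib.js");
  cache.load("https://b.example/vendor/lib.js");
  // A modified copy served with the genuine signature must be rejected on a cold cache.
  const tampered = { "https://c.example/lib.js": {
    signature: signatureHex, content: Buffer.from("function greet(){return 'modified';}") } };
  let rejected = false;
  try { new SignatureCache(publicKey).load("https://c.example/lib.js", tampered); }
  catch (e) { rejected = true; }
  return { sources: cache.log.map((e) => e.source), rejected, entries: cache.bySignature.size };
}
```

Verification happens before the cache write, so an entry keyed by a signature is only ever content that passed the check against the pinned key.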
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: at least one computing device; and instructions executable in the at least one computing device, wherein when executed the instructions cause the at least one computing device to at least: receive a request from a client computing device for a library, the request being generated by a first dependency; determine that the first dependency requires a version of the library; execute a cryptographic hash function using a private key as an input to generate a signature that identifies the version of the library in response to determining that the first dependency requires the version of the library; transfer the library together with the signature and a public key associated with the private key that is capable of verifying the signature to the client computing device in a first transfer via a network in response to the request; attribute a data transfer cost that results from the first transfer of the library to the client computing device via the network to a first entity associated with the first dependency; receive a request for a signature file via the network, the request being generated by a second dependency; determine that the request specifies the library having a same signature; transfer the signature file to the client computing device via the network; determine that a second transfer of the library generated by the second dependency was avoided due to a cached copy of the library stored on the client computing device based at least in part on a transfer log indicating at least one signature transfer without a content of the library; and reattribute a portion of the data transfer cost attributed to the first entity to a second entity associated with the second dependency.
2. The system of claim 1, wherein when executed the instructions further cause the client computing device to at least receive a report from the client computing device indicating that the second transfer was avoided and identifying the first dependency and the second dependency.
3. The system of claim 1, wherein when executed the instructions further cause the at least one computing device to at least: record an indication of the first transfer in the transfer log; and record an indication of the transfer of the signature file in the transfer log.
4. The system of claim 1, wherein the transfer log further comprises a plurality of parameters corresponding to the first transfer.
5. The system of claim 4, wherein the plurality of parameters corresponding to the first transfer comprises at least one of a number of bytes transferred, a maximum transfer rate, a time of transfer, and a destination network address.
6. The system of claim 1, wherein the library is transferred via the network in an envelope format containing the signature and the public key followed by the content of the library.
7. The system of claim 1, wherein the library is received having a filename that includes the signature.
8. A system, comprising: a client computing device; and instructions executable in the client computing device, wherein when executed the instructions cause the client computing device to at least: request a library in response to a first dependency in a first network resource, the first dependency requiring a version of the library; receive in a first download the library together with a signature that identifies the version of the library and a public key capable of verifying the signature, the public key being chained to a trusted certificate pinned by the client computing device, and a cost being attributed to a first entity associated with the first dependency based at least in part on the first download; verify an authenticity of the public key using the trusted certificate pinned by the client computing device; execute a cryptographic hash function using the public key as an input to the cryptographic hash function to obtain a hash value; verify an authenticity of the library by comparing the hash value with the signature; store the library in a local cache on the client computing device, the local cache being indexed by respective library signatures; determine that a second network resource has a second dependency on the library; determine that the second dependency specifies the library having a same signature; request a signature file in response to the second dependency; receive the signature file associated with the second dependency; and load the library from the local cache in response to the second dependency specifying the library having the same signature, thereby avoiding a second download of the library, a portion of the cost attributed to the first entity being reattributed to a second entity associated with the second dependency based at least in part on the second download being avoided.
9. The system of claim 8, wherein when executed the instructions further cause the client computing device to at least send, to a server, data reporting a loading of the library from the local cache rather than a download via a network, the loading being reported in association with an identification of the first network resource and an identification of the second network resource.
10. The system of claim 8, wherein the first dependency and the second dependency specify a uniform resource identifier (URI) that includes the same signature, the first dependency and the second dependency respectively specifying different URIs.
11. The system of claim 8, wherein the library is received via a network in an envelope format containing the signature and the public key followed by a content of the library.
12. The system of claim 8, wherein the signature is received via a first file, the library is received via a second file, and a first uniform resource identifier (URI) corresponding to the first file is determined according to a predetermined format based at least in part on a second URI corresponding to the second file.
13. The system of claim 8, wherein the library corresponds to at least one of: a JavaScript library or a dynamic-link library.
14. The system of claim 8, wherein the first network resource is managed by the first entity and received via a first application, and the second network resource is managed by the second entity and received via a second application.
15. The system of claim 8, wherein the library is received having a filename that includes the signature.
16. A method, comprising: requesting, via at least one of one or more computing devices, a library via a network in response to a first dependency in a first client application, the first dependency requiring a version of the library; receiving, via at least one of the one or more computing devices, in a first download, the library together with a signature that identifies the version of the library and a public key capable of verifying the signature, the public key being chained to a trusted certificate pinned by the first client application and a second client application, and a cost being attributed to a first entity associated with the first dependency based at least in part on the first download; verifying, via at least one of the one or more computing devices, an authenticity of the public key using the trusted certificate pinned by the first client application and the second client application; executing, via at least one of the one or more computing devices, a cryptographic hash function using the public key as an input to the cryptographic hash function to obtain a hash value; verifying, via at least one of the one or more computing devices, an authenticity of the library by comparing the hash value with the signature; storing, via at least one of the one or more computing devices, the library in a local cache, the local cache being indexed by respective library signatures; determining, via at least one of the one or more computing devices, that the second client application has a second dependency on the library; requesting, via at least one of the one or more computing devices, a signature file via the network in response to the second dependency; receiving, via at least one of the one or more computing devices, the signature file associated with the second dependency; determining, via at least one of the one or more computing devices, that the second dependency specifies the library having a same signature; and loading, via at least one of the one or more computing devices, the library from the local cache in response to the second dependency specifying the library having the same signature, thereby avoiding a second download of the library, a portion of the cost attributed to the first entity being reattributed to a second entity associated with the second dependency based at least in part on the second download being avoided.
17. The method of claim 16, further comprising sending, to a server, data reporting a loading of the library from the local cache rather than a download via the network, the loading being reported in association with an identification of the first client application and an identification of the second client application.
18. The method of claim 16, wherein the first dependency and the second dependency specify a uniform resource identifier (URI) that includes the same signature, the first dependency and the second dependency respectively specifying different URIs.
19. The method of claim 16, wherein the library is received via the network in an envelope format containing the signature and the public key followed by a content of the library.
20. The method of claim 16, wherein the signature is received via a first file, the library is received via a second file, and a first uniform resource identifier (URI) corresponding to the first file is determined according to a predetermined format based at least in part on a second URI corresponding to the second file.
March 29, 2017
December 1, 2020